It's the same as putting any other public information in public key
certificate. You can put first and last name, email address and even
photo of another person.
In general: unless we have other trusted person to verify that public
key belongs to certain person, we can not ensure key owner identity
before we have some transactions signed with this key.
And we should not only trust person that has verified public key
certificate, we should also know and trust the procedure this person
used to verify public key certificate. And this is very important if
there is a dispute, say about a signed contract.
This was the flaw in pgp's web of trust: verification procedures were
not known.
Best regards,
Viktor Ageyev
CEO, Cryptonomica.net
On 14/07/2021 15:45, Стефан Васильев via Gnupg-users wrote:
if a person, within the EU, would put his COVID vaccination certificate
QR-Code
in his pub-key as photo-ID I would say that than another GnuPG user, within
the EU, or maybe later in the U.S. and elsewhere too, would have the
assurance,
without that the public key is otherwise signed, that this pub key
belongs to that
person.
On GitHub is a decoder available, which allows users to verify the
digital signature
of such COVID certs, with trustlists from EU member states.
https://github.com/stapelberg/coronaqr
Regards
Stefan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
